Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
1DescriptionCVE.org
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a path traversal issue. A successful exploit of this vulnerability might lead to denial of service.
AnalysisAI
Path traversal exploitation in NVIDIA Triton Inference Server enables unauthenticated remote attackers to cause denial of service by submitting crafted requests containing malicious path components. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms zero authentication or user interaction is required, making this broadly reachable from the network with low attack complexity. No public exploit code has been identified and the vulnerability is not listed in the CISA KEV catalog at time of analysis; however, the no-prerequisite attack profile warrants patching per NVIDIA's advisory at nvidia.custhelp.com.
Technical ContextAI
NVIDIA Triton Inference Server is an open-source, production-grade ML inference serving platform designed to deploy and serve AI models at scale, commonly exposed via HTTP/gRPC endpoints in cloud and on-premises ML infrastructure. The root cause is CWE-22 (Improper Limitation of a Pathname to a Restricted Directory - Path Traversal), a class of vulnerability where user-supplied input is incorporated into filesystem path construction without adequate canonicalization or boundary enforcement. In Triton's case, the traversal does not result in file disclosure (C:N, I:N in CVSS) but instead triggers a condition - such as an unhandled exception, resource exhaustion, or invalid path dereference - that degrades or terminates the inference service. The CPE string cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:* uses a wildcard version field, indicating NVD has not bounded the affected range to specific releases, implying broad version exposure.
RemediationAI
Consult and apply the guidance in the NVIDIA security advisory at https://nvidia.custhelp.com/app/answers/detail/a_id/5828, which is the authoritative source for fixed versions and official mitigations. No specific patched release version was present in the available intelligence, so exact upgrade targets should be confirmed directly from that advisory before deployment. As a compensating control pending patch application, restrict network access to Triton Inference Server API endpoints (default HTTP port 8000, gRPC port 8001) to trusted internal hosts or authenticated proxies only - this directly limits the attack surface given the AV:N/PR:N vector. Note that network-layer restrictions may not be feasible in public-facing inference deployments and do not address the root cause. Input validation at an API gateway or reverse proxy to reject requests containing path traversal sequences ('../', '%2e%2e%2f') is an additional layer but carries risk of false positives affecting legitimate model or repository path parameters.
The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary c
The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially craft
Authentication bypass in NVIDIA Triton Inference Server allows unauthenticated remote attackers to reach protected funct
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially craft
NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default co
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before G
The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privi
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with de
The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows a
nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 3
Same weakness CWE-22 – Path Traversal
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31052
GHSA-q9w5-fmq7-c9x3